Version: 1
-Previous: fbeb4dd60a53cad6ae18cae842b8dceb0c09512d
-Head: 3aedaed70076ae9c524aaf840129cd0cb5e8fd79
+Previous: f5e585310c5127758bdcef425c186e1549e3146b
+Head: 7c779151e2f419f57579776d851d29d7aa9878f6
Applied:
ibacmp-missing-in-acm_log-form: 897fe7d6910d5a50742a6faf24e6de6bef6ce06f
ibacm-close-the-provider-endpo: 3aedaed70076ae9c524aaf840129cd0cb5e8fd79
+ ibacm-ibacmp-fix-a-crash-when-: 7c779151e2f419f57579776d851d29d7aa9878f6
Unapplied:
ibacm-incorrect-ifc_len-is-spe: 68daf3cc789742b6d741b4104775244272bcdf02
suse: 7076e2a00570a3cda4e4ce034419399a23ebfb0a
--- /dev/null
+Bottom: fab6eb4037e9f3c9e7e0ad14459441cbe31782cf
+Top: 9cc7c88273d098da57bd8769668c3f5ce87f1a36
+Author: Kaike Wan <kaike.wan@intel.com>
+Date: 2014-12-03 12:14:44 -0800
+
+ibacm/ibacmp: fix a crash when SM restarts
+
+Ibacm may cause segfault when the SM restarts: when the SM restarts, ibacm will
+receive P_Key change event and instruct ibacmp to close all endpoints. However,
+ibacmp only resets the core endpoint pointer in its ep structure and keeps the ep
+in the port's ep_list. Afterwards, the ibacm core will ask ibacmp to create
+an ep for each pkey enumerated from the local port. The ep will be found
+from the port's ep_list if it exists. However, if an old pkey is not present
+in the new SM configuration, the old ep will still be linked in the port's
+ep_list with the ep->endpoint being set to NULL. When the ibacm core forwards
+the client reregistration event to ibacmp, ibacmp will enumerate the ep_list and
+try to join multicast group for each ep, including any one with ep->endpoint
+set to NULL. In this case, it will cause segfault in acm_send_sa_mad().
+Additional check should be able to avoid the crash.
+
+Signed-off-by: Kaike Wan <kaike.wan@intel.com>
+
+
+---
+
+diff --git a/prov/acmp/src/acmp.c b/prov/acmp/src/acmp.c
+index 7568b9c..2b85958 100644
+--- a/prov/acmp/src/acmp.c
++++ b/prov/acmp/src/acmp.c
+@@ -1446,6 +1446,10 @@ static int acmp_port_join(void *port_context)
+ for (ep_entry = port->ep_list.Next; ep_entry != &port->ep_list;
+ ep_entry = ep_entry->Next) {
+ ep = container_of(ep_entry, struct acmp_ep, entry);
++ if (!ep->endpoint) {
++ /* Stale endpoint */
++ continue;
++ }
+ acmp_ep_join(ep);
+ }
+ acm_log(1, "joins for device %s port %d complete\n",
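Review bot: The new `if (!ep->endpoint)` check in the acmp_port_join() loop skips stale endpoints silently and leaves them linked in port->ep_list. The commit message says a closed ep stays in the list with ep->endpoint set to NULL, so any other code that walks ep_list and uses ep->endpoint would need the same guard. Consider unlinking the ep from the list when its endpoint is closed, or at minimum logging the skip with acm_log() at a debug level so a stale entry is visible when diagnosing a missed join.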
+diff --git a/src/acm.c b/src/acm.c
+index d807c73..2d0d2e1 100644
+--- a/src/acm.c
++++ b/src/acm.c
+@@ -2352,6 +2352,10 @@ acm_alloc_sa_mad(const struct acm_endpoint *endpoint, void *context,
+ {
+ struct acmc_sa_req *req;
+
++ if (!endpoint) {
++ acm_log(0, "Error: NULL endpoint\n");
++ return NULL;
++ }
+ req = calloc(1, sizeof (*req));
+ if (!req) {
+ acm_log(0, "Error: failed to allocate sa request\n");
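Review bot: The guard sits at the top of acm_alloc_sa_mad(), but the commit message places the segfault in acm_send_sa_mad(), and nothing in this patch touches that function. Please state in the commit message how a NULL endpoint reaches acm_send_sa_mad() through this allocation, and confirm that callers check the NULL return, since it is now returned for a bad argument as well as for the allocation failure handled just below. The message "Error: NULL endpoint" would also be easier to trace if it identified the request being rejected.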